So I am sitting in front of a server today that has been, shall we say, "compromised." This isn't usually my cup of tea, but I somehow got stuck with the job of fixing/cleaning it.
From what I can tell, someone hacked it, installed some form of an edonkey/emule server on it and has been passing massive amounts of files over it the last couple of weeks. 2 hard drives that should have about 1-5 gigs of used space had 100-120 gigs of used space, all conveniently hidden under that little hidden system "recycler" folder. Cleaning the drives is not an issue; I intend on backing each one up and then just formatting them since they are merely storage drives.
My question is: How the hell do you find and remove this filesharing program/virus/spyware, whatever the hell it is? I can't even see an obvious process running that shouldn't be there, but when I do port scans I see lots of file sharing activity. The machine is supposedly protected with Norton Corporate, which isn't worth a crap. There must be at least 1 trojan on here and some file sharing program.
Any suggestions from all you experts out there that do this for a living? I'm just a lowly programmer; I don't usually deal with admin stuff.
Edit: reformatting is a very VERY undesirable option here.